Abstract. We present a Curry-style second-order type system with union and intersection types for the lambda-calculus with constructors of Arbiser, Miquel and Rios, an extension of lambda-calculus with a pattern matching mechanism for variadic constructors. We then prove the strong normalisation and the absence of match failure for a restriction of this system, by adapting the standard reducibility method.



Introduction 

Pattern matching is a crucial feature in modern programming languages. It appeared in the late 60's [TT], first as a simple detection of rigidly specified values. Although it still has this basic form in most imperative languages (as the case of Pascal or the switch of C), it now comes with more elaborate features in the main functional programming languages [12][16] and proof assistants (especially those based on type theory [6][1]). In particular, pattern matching à la ML is able to decompose complex data-structures.

From the theoretical point of view, many approaches have been proposed to extend lambda-calculus [4] with pattern matching facilities, such as the Rho-calculus [8], the Pure pattern calculus [15] and the Lambda calculus with constructors [2]. Typed versions have also been presented for such calculi [5] [13] EHl E].

The lambda-calculus with constructors [3] decomposes the pattern matching à la ML using a case construct

$\{|c_1 \mapsto u_1; \ldots; c_n \mapsto u_n|\} \cdot t$

performing case analysis on constant constructors, in the spirit of the case of Pascal. Composite data structures consist of a constructor applied to one or many arguments. Their destruction is achieved using a commutation rule between case and application¹:

(CaseApp) $\{|\theta|\} \cdot (tu) \;\to\; (\{|\theta|\} \cdot t)\,u$



1998 ACM Subject Classification: F.3.2, F.4.3. 
¹ Which differs from the commutative conversion rules [10] coming from logic.
Thanks to this rule, one can encode the whole ML-style pattern matching in the calculus, and write destruction functions on more complex data types, such as for instance the predecessor function: $\mathrm{pred} = \lambda x.\{|0 \mapsto 0; S \mapsto \lambda z.z|\} \cdot x$, which satisfies:

$\mathrm{pred}\,(S\,n) = \{|0 \mapsto 0; S \mapsto \lambda z.z|\} \cdot (S\,n)$

$= (\{|0 \mapsto 0; S \mapsto \lambda z.z|\} \cdot S)\,n$

$= (\lambda z.z)\,n$

$= n$

Actually, one can even encode pattern matching for variadic constructors. The λ-calculus with constructors enjoys many good properties, such as confluence and separation (in the spirit of Böhm's theorem). It comprises nine rules, among which we can distinguish essential rules — such as β-reduction, case analysis and CaseApp — that are necessary to reduce terms to values, and unessential rules — like η-reduction — whose main role is to guarantee confluence and separation properties.

A polymorphic type system has been proposed for this calculus in [19], thus addressing the problem of typing the case construct in the presence of the CaseApp commutation rule. This paper is an extended version of [19] with major changes, since some results appear to be incorrect (cf. Part 3). Indeed, typed lambda-calculus with constructors supports some non-terminating reductions, and match failure can also occur. This is due to one of the unessential rules: the composition between case constructions.

In this paper we drop this composition rule from the calculus², and then justify this with realisability arguments. A semantic analysis using reducibility candidates ensures the strong normalisation of this restricted calculus. The main difficulty is to design a good notion of reducibility candidates which is able to cope with the commutation rule attached to the case. For that we introduce the notion of case commutation normal form, and we consider the usual reducibility candidates [10] up to case commutation. From this construction we deduce the main properties of the typed calculus, including the absence of match failure for well typed terms.

Outline: Parts 1 and 2 respectively present the λc-calculus and the type system. Part 3 is a discussion about the type system and the different reduction rules, and Part 4 the reducibility candidates model. Finally, Part 5 concludes with the main properties of the typed λc-calculus.

1. The lambda-calculus with constructors 

1.1. Its syntax. The syntax of the λ-calculus with constructors [3] is defined from two disjoint sets of symbols: variables (notation: $x, y, z$, etc.) and constructors (notation: $c$, $d$, etc. in typewriter font). It consists of two syntactic categories defined by mutual induction in Fig. 1: terms (notation: $s, t, u$, etc.) and case bindings (notation: $\theta, \phi$).

Terms include all the syntactic constructs of the λ-calculus, plus constructors (as constants) with a case construct (similar to the case construct of Pascal) to analyse them. There is also a constant $\maltese$ (the Daimon, inherited from ludics [9]) representing immediate termination. It cannot appear in a term during reduction, but we keep it in the calculus for



² Losing thereby the separation property.
Terms:

$s, t, u ::= x \mid \lambda x.t \mid tu$   (λ-calculus)
$\qquad \mid c$   (Constructor)
$\qquad \mid \{|\theta|\} \cdot t$   (Case Construct)
$\qquad \mid \maltese$   (Daimon)

Case Bindings:

$\theta, \phi ::= \{c_1 \mapsto u_1; \ldots; c_n \mapsto u_n\}$   (Case Binding), with $c_i \neq c_j$ for $i \neq j$

Figure 1: λc-terms and case bindings.



technical reasons (explained in Section 4.2). Case bindings are finite functions from constructors to terms. In order to ease the reading, we may write $\{|c_1 \mapsto u_1; \ldots; c_n \mapsto u_n|\} \cdot t$ for $\{|\{c_1 \mapsto u_1; \ldots; c_n \mapsto u_n\}|\} \cdot t$.

Free and bound (occurrences of) variables are defined as usual, taking care that constructors are not variables and thus not subject to α-conversion. The set of free variables (denoted by $FV(-)$) is defined for the new constructs by

$FV(c) = \emptyset \qquad FV(\{|\theta|\} \cdot t) = FV(\theta) \cup FV(t) \qquad FV(\theta) = \bigcup_{(c \mapsto u) \in \theta} FV(u)$

A term is closed when it has no free variable, and we write $\Lambda_0$ for the set of closed λc-terms.

The usual operation of substitution on terms (notation: $t[x := u]$) is defined as expected, taking care of renaming bound variables when needed in order to prevent variable capture. Substitution on case bindings (notation: $\theta[x := u]$) is defined component-wise.

1.2. Its operational semantics. The reduction of λc-calculus is based on the nine reduction rules given in Fig. 2, among which one can find the β and η reduction rules of the λ-calculus, now called AppLam and LamApp³, respectively. We write $\to$ the contextual closure of these rules, and $\to^{=}$ (resp. $\to^{+}$, resp. $\to^{*}$) denotes its reflexive (resp. transitive, resp. reflexive and transitive) closure.

Case bindings behave like functions with finite domain. Therefore we may use the usual functional vocabulary: if $\theta = \{c_i \mapsto u_i \,/\, 1 \le i \le n\}$, then the domain of $\theta$ is the set $dom(\theta) = \{c_1, \ldots, c_n\}$; also $\theta_c$ denotes $u$ when $c \mapsto u \in \theta$. Case constructs are propagated through terms via the CaseApp, CaseLam and CaseCase commutation rules, and ultimately destructed with CaseCons reduction. For an explanation of the role and expressiveness of these rules, see [3].

The confluence or non-confluence is known for every combination of the 9 reduction rules ([3], Theorem 1), and the full calculus is confluent. In this paper, we shall only consider the following sub-calculi, which are all confluent:

• $\lambda_c^{-}$ denotes the λc-calculus with all the rules except CaseCase. In this paper we show that types ensure the strong normalisation of this calculus.

• $\lambda_{com}$ is the calculus of case commutation (whose only rules are CaseApp and CaseLam). For technical reasons (cf. Part 4) we sometimes consider terms up to case commutation equivalence.



³ In λc-calculus, the name of each reduction rule consists of the names of the two constructions interacting for the reduction.
Beta-reduction:

AppLam (AL): $(\lambda x.t)\,u \to t[x := u]$
AppDai (AD): $\maltese\,u \to \maltese$

Eta-reduction:

LamApp (LA): $\lambda x.t\,x \to t$   ($x \notin FV(t)$)
LamDai (LD): $\lambda x.\maltese \to \maltese$

Case propagation:

CaseCons: $\{|\theta|\} \cdot c \to u$   ($c \mapsto u \in \theta$)
CaseDai (CD): $\{|\theta|\} \cdot \maltese \to \maltese$
CaseApp (CA): $\{|\theta|\} \cdot (tu) \to (\{|\theta|\} \cdot t)\,u$
CaseLam (CL): $\{|\theta|\} \cdot \lambda x.t \to \lambda x.\{|\theta|\} \cdot t$   ($x \notin FV(\theta)$)

Case composition:

CaseCase (CC): $\{|\theta|\} \cdot \{|\phi|\} \cdot t \to \{|\theta \circ \phi|\} \cdot t$
with $\theta \circ \{c_1 \mapsto t_1; \ldots; c_n \mapsto t_n\} = \{c_1 \mapsto \{|\theta|\} \cdot t_1; \ldots; c_n \mapsto \{|\theta|\} \cdot t_n\}$

Figure 2: Reduction rules for λc.



• $\lambda_s$ is the complement calculus of $\lambda_{com}$ in $\lambda_c^{-}$: it is composed of rules AppLam, AppDai, LamApp, LamDai, CaseCons and CaseDai.

A term with no infinite reduction is said to be strongly normalising. By extension, a calculus is strongly normalising when all its terms are. It is also known that the whole calculus without AppLam is strongly normalising ([3], Proposition 2).

1.3. Values in lambda-calculus with constructors. In pure lambda-calculus, a value is a function (i.e. a λ-abstraction). In λc we call data structure a term of the form $c\,t_1 \ldots t_k$ where $c$ is a constructor and $t_1, \ldots, t_k$ ($k \ge 0$) are arbitrary terms. We then call a value a term which is a λ-abstraction or a data structure. The set of values is written $\mathcal{V}$.

We say that a term is defined when it has no sub-term of the form $\{|\theta|\} \cdot c$ with $c \notin dom(\theta)$, and that it is hereditarily defined when all its reducts (in any number of steps) are defined. (Intuitively, non-defined terms contain pattern matching failures and therefore will be rejected by the type system.)

Proposition 1.1. Every defined closed normal term is either $\maltese$ or a value.

Proof. Let $t$ be a closed defined term in normal form. By induction on the structure of $t$, we show that $t$ is either $\maltese$ or $\lambda x.t_0$ or $c\,t_1 \ldots t_k$ for some constructor $c$ and some terms $t_i$. Since $t$ is closed it is not a variable. If it is a constructor, the Daimon or an abstraction, the result holds.

If it is an application, write $t = h\,t_1 \ldots t_k$, where $h$ is not an application. Then $h$ is necessarily closed, defined and normal. It is not an abstraction, nor the Daimon (otherwise $t$ would be reducible with AppLam or AppDai). Hence it is a data structure by induction hypothesis, and so is $t$.

Now assume $t = \{|\theta|\} \cdot h$. Then $h$ also is closed, defined and normal. It cannot be the Daimon, nor an abstraction, nor an application, otherwise $t$ would be reducible with CaseDai, CaseLam or CaseApp. So $h$ is a constructor. If it is in the domain of $\theta$, then $t$ is reducible with CaseCons, and if it is not in the domain, $t$ is not defined. Finally $t$ cannot be a case construct. □

Notice that the proof does not use rule CaseCase (nor rules LamApp and LamDai), so the proposition holds for normal forms w.r.t. $\lambda_c^{-}$.

Finally, a term which is both strongly normalising and hereditarily defined is said to be perfectly normalising. Perfect normalisation satisfies this usual lemma of lambda-calculus:

Lemma 1.2. If $t[x := u]$ is perfectly normalising, so is $t$.

Proof. First recall that $t \to t'$ implies $t[x := u] \to t'[x := u]$ (Lemma 9). Thus, if $t[x := u]$ is strongly normalising, so is $t$. Then, if $t[x := u]$ is defined, it has no sub-term of the form $\{|\theta|\} \cdot c$ with $c \notin dom(\theta)$, and this property is kept by replacing some sub-terms by $x$. So $t$ also is defined. By induction on the reduction of $t$, we can easily conclude that if $t[x := u]$ is hereditarily defined, so is $t$. □



2. Type system 



2.1. An informal presentation. The type system we want to define includes the simply-typed λ-calculus: the main type construct is the arrow type $T \to U$, coming with its usual introduction and elimination rules. To achieve polymorphism, we introduce type variables (written $X, Y$ etc.) and universal type quantification (notation: $\forall X.T$). Instantiation is performed via a sub-typing judgement containing all the rules of system F with sub-typing such as presented in [18].

To type-check data structures, we associate to every constructor $c$ a type constant $\mathbf{c}$, written with bold font. We introduce a type application $DT$ for applied structures, so that we can derive $c\,\vec{t} : \mathbf{c}\,\vec{T}$ from $\vec{t} : \vec{T}$ (see 2.2 for more details on vectorial notations). Nevertheless, the formation of application types has to be restricted. Indeed, with a typing rule such as

$\dfrac{t : T \qquad u : U}{tu : TU}$

if $t$ is a term of type $\mathbf{bool} \to U$, and $u$ a term of type $\mathbf{nat}$, we would be able to type the term $tu$ with type $(\mathbf{bool} \to U)\,\mathbf{nat}$, which may be nonsense if $t$ implements a function expecting only booleans. Furthermore, it would also enable typing non-normalising terms like $\delta\delta$, as $\delta = \lambda x.xx$ is typable in system F.

For that reason we distinguish a sub-class of data types (notation: $D, E$). They will be the only types on the left-hand side of a type application. In practice this sub-class excludes arrow types and type variables (which could be instantiated by arbitrary types). To still keep the ability to quantify over data types, we introduce data type variables (notation: $\alpha, \beta$ etc.) and data type quantification.

To encode algebraic types, we add union types. For example, we could define a type of natural numbers with the equation $\mathbf{nat} = \mathbf{0} \cup \mathbf{S}(\mathbf{nat})$ (where $0$ and $S$ are constructors)⁴.

⁴ This would require a fixpoint operator, or a double sub-typing rule.

To distribute arrow among union, we also need intersection types:

$(\mathbf{0} \cup \mathbf{S}(\mathbf{nat})) \to T = (\mathbf{0} \to T) \cap (\mathbf{S}(\mathbf{nat}) \to T).$

By symmetry, we add the existential quantifier.



Types:

$T, U ::= X$   (Ordinary type variable)
$\qquad \mid \alpha \mid \mathbf{c} \mid DT$   (Data type)
$\qquad \mid T \to U$   (Arrow type)
$\qquad \mid T \cup U$   (Union type)
$\qquad \mid T \cap U$   (Intersection type)
$\qquad \mid \forall\alpha.T \mid \forall X.T$   (Universal type)
$\qquad \mid \exists\alpha.T \mid \exists X.T$   (Existential type)

Data Types:

$D, E ::= \alpha$   (Data type variable)
$\qquad \mid \mathbf{c} \mid DT$   (Data structure)
$\qquad \mid D \cup E$   (Union data type)
$\qquad \mid D \cap E$   (Intersection data type)
$\qquad \mid \forall\alpha.D \mid \forall X.D$   (Universal data type)
$\qquad \mid \exists\alpha.D \mid \exists X.D$   (Existential data type)

Figure 3: Types of λc.



2.2. The formal system. We define a polymorphic type system with union and intersection for both terms and case bindings of λc (Fig. 3). It uses two spaces of type variables: ordinary type variables and data type variables. There are also two kinds of types: ordinary types, and their syntactic sub-class of data types.

In the following, $\nu$ denotes a variable which can be an ordinary type variable or a data type variable. The set $TV(T)$ denotes the set of all free type variables of a type $T$:

$TV(X) = \{X\} \qquad TV(\alpha) = \{\alpha\} \qquad TV(\mathbf{c}) = \emptyset$

$TV(T \to U) = TV(T) \cup TV(U) \qquad TV(DT) = TV(D) \cup TV(T)$

$TV(T \cap U) = TV(T) \cup TV(U) \qquad TV(T \cup U) = TV(T) \cup TV(U)$

$TV(\forall\nu.T) = TV(T) \setminus \{\nu\} \qquad TV(\exists\nu.T) = TV(T) \setminus \{\nu\}$

We also use a vectorial notation for type application and arrow types:

$\vec{T} ::= [] \mid (\vec{T}; T)$

$\mathbf{c}[] = \mathbf{c} \qquad \mathbf{c}(\vec{T}; T) = (\mathbf{c}\vec{T})\,T$

$[] \to U = U \qquad (\vec{T}; T) \to U = \vec{T} \to (T \to U)$

Typing rules (Fig. 4) include the usual introduction and elimination rules of typed λ-calculus for each type operator. Some of them — like the elimination of universal quantifier — are indeed sub-typing rules (Fig. 5).
Figure 4: Typing rules (the rule layout was lost in extraction). Case bindings, for $\theta = \{c_i \mapsto u_i \,/\, 1 \le i \le n\}$ with $n \ge 0$: rules Cb (for $1 \le i_0 \le n$) and Cb⊥. Terms: Init ($\Gamma \vdash x : T$ when $x : T \in \Gamma$), False, Constr, →intro (from $\Gamma, x : T \vdash t : U$ derive $\Gamma \vdash \lambda x.t : T \to U$), →elim (from $\Gamma \vdash t : T \to U$ and $\Gamma \vdash u : T$ derive $\Gamma \vdash tu : U$), and Case (from $\Gamma \vdash t : \vec{U} \to T$ and $\Gamma \vdash \theta : T \to T'$ derive $\Gamma \vdash \{|\theta|\} \cdot t : \vec{U} \to T'$). Shared rules, where $M$ is either a term $t$ or a case binding $\theta$: Univ (side condition $\nu \notin TV(\Gamma)$), Inter (from $\Gamma \vdash M : T$ and $\Gamma \vdash M : U$ derive $\Gamma \vdash M : T \cap U$), and Subs (from $\Gamma \vdash M : T$ and $T \le U$ derive $\Gamma \vdash M : U$).

Type application takes precedence over all the other operators and is left associative. Sub-typing rule Data allows typing constructors with non-fixed arity:

$\mathbf{c}\,T_1 \ldots T_k \to T_{k+1} \;\le\; \mathbf{c}\,T_1 \ldots T_k\,T_{k+1}$,

implies that if $c\,t_1 \ldots t_k$ has type $\mathbf{c}\,T_1 \ldots T_k$, and if $t_{k+1}$ has type $T_{k+1}$, then $c\,t_1 \ldots t_{k+1}$ has type $\mathbf{c}\,T_1 \ldots T_{k+1}$. By iterating, we immediately get

$(\Gamma \vdash t_i : T_i)_{i \le n} \;\Longrightarrow\; \Gamma \vdash c\,t_1 \ldots t_n : \mathbf{c}\,T_1 \ldots T_n$

Having such variadic constructors allows for example to add or remove an element in an array locally (Example 2.1).

2.3. Typing case bindings. Types for case bindings are the same as the ones for terms. A case binding is typed (with rule Cb) like a function waiting for a constructor of its domain as argument, up to a possible conversion of arrow type into application type: from a typing judgement $\Gamma \vdash u : T \to U$, both following derivations are valid.

$\Gamma \vdash \{c \mapsto u\} : \mathbf{c} \to T \to U \qquad\qquad \Gamma \vdash \{c \mapsto u\} : \mathbf{c}T \to U$
Figure 5: Sub-typing rules (the rule layout was lost in extraction): Refl ($T \le T$), Trans, Arrow (from $T' \le T$ and $U \le U'$ derive $T \to U \le T' \to U'$), App (from $D \le D'$ and $T \le T'$ derive $DT \le D'T'$), ∪introL ($U_1 \le U_1 \cup U_2$), ∪introR ($U_2 \le U_1 \cup U_2$), ∪elim (from $T_1 \le U$ and $T_2 \le U$ derive $T_1 \cup T_2 \le U$), ∩intro (from $T \le U_1$ and $T \le U_2$ derive $T \le U_1 \cap U_2$), ∩elimL ($U_1 \cap U_2 \le U_1$), ∩elimR ($U_1 \cap U_2 \le U_2$), ∀intro (from $T \le U$ derive $T \le \forall\nu.U$ when $\nu \notin TV(T)$), ∀elim ($\forall X.T \le T\{X \leftarrow U\}$), ∀elimD ($\forall\alpha.T \le T\{\alpha \leftarrow D\}$), ∃intro ($T\{X \leftarrow U\} \le \exists X.T$), ∃introD ($T\{\alpha \leftarrow D\} \le \exists\alpha.T$), ∃elim (from $U \le T$ derive $\exists\nu.U \le T$ when $\nu \notin TV(T)$), Data ($D \to T \le DT$), Constr ($\mathbf{c_1}\vec{T} \cap \mathbf{c_2}\vec{U} \le \forall\alpha.\alpha$ when $c_1 \neq c_2$), and the distribution rules App/∩, App/∀, ∀/∩, →/∀, →/∪, ∪/AppR and ∪/AppL.
This is the point that allows the CaseApp commutation rule to be well typed.

Example 2.1. Consider the constructor $c_0$ that initialises arrays. Then the case binding $\theta = \{c_0 \mapsto \lambda xy.c_0 x\}$ removes the second element of any array: from $\vdash t_1 : T_1$, $\vdash t_2 : T_2$ and $\vdash t_3 : T_3$ we can derive $\vdash \{|\theta|\} \cdot (c_0 t_1 t_2 t_3) : \mathbf{c_0} T_1 T_3$:

$\vdash \lambda xy.c_0 x : T_1 \to T_2 \to \mathbf{c_0} T_1 \qquad T_1 \to T_2 \to \mathbf{c_0} T_1 \le T_1 \to T_2 \to T_3 \to \mathbf{c_0} T_1 T_3$
$\vdash \lambda xy.c_0 x : T_1 \to T_2 \to T_3 \to \mathbf{c_0} T_1 T_3$
$\vdash \theta : \mathbf{c_0} T_1 T_2 T_3 \to \mathbf{c_0} T_1 T_3$
$\vdash t_1 : T_1 \qquad \vdash t_2 : T_2 \qquad \vdash t_3 : T_3 \qquad \vdash c_0 t_1 t_2 t_3 : \mathbf{c_0} T_1 T_2 T_3$
$\vdash \{|\theta|\} \cdot (c_0 t_1 t_2 t_3) : \mathbf{c_0} T_1 T_3$

We can also give the same type to $(\{|\theta|\} \cdot c_0)\,t_1 t_2 t_3$ by choosing another possible type for $\theta$ (we write $\vec{T} = T_1; T_2; T_3$):

$\vdash \lambda xy.c_0 x : \vec{T} \to \mathbf{c_0} T_1 T_3$
$\vdash \theta : \mathbf{c_0} \to \vec{T} \to \mathbf{c_0} T_1 T_3 \qquad \vdash c_0 : \mathbf{c_0}$
$\vdash \{|\theta|\} \cdot c_0 : \vec{T} \to \mathbf{c_0} T_1 T_3 \qquad \vdash t_1 : T_1 \qquad \vdash t_2 : T_2 \qquad \vdash t_3 : T_3$
$\vdash (\{|\theta|\} \cdot c_0)\,t_1 t_2 t_3 : \mathbf{c_0} T_1 T_3$

In the same way, the typing rule (case) for a case construct $\{|\theta|\} \cdot t$ allows $t$ to be a function that waits for an arbitrary number of arguments. This makes CaseLam well typed. Indeed, if a case binding $\theta$ has type $T \to U$, then both terms $\{|\theta|\} \cdot \lambda x.x$ and $\lambda x.(\{|\theta|\} \cdot x)$ are typable with the same type:

$x : T \vdash x : T \qquad x : T \vdash \theta : T \to U$
$x : T \vdash \{|\theta|\} \cdot x : U$
$\vdash \lambda x.(\{|\theta|\} \cdot x) : T \to U$

$\vdash \lambda x.x : T \to T \qquad \vdash \theta : T \to U$
$\vdash \{|\theta|\} \cdot \lambda x.x : T \to U$

If the case binding includes many branches, we can either choose one of them, or give to it an intersection type, and then commute intersection with arrow.

Example 2.2. Assume $\mathbf{nat}$ is a type satisfying $\mathbf{nat} = \mathbf{0} \cup \mathbf{S}\,\mathbf{nat}$. The predecessor case binding $\theta = \{0 \mapsto 0; S \mapsto \lambda x.x\}$ has both types $\mathbf{0} \to \mathbf{nat}$ and $\mathbf{S}\,\mathbf{nat} \to \mathbf{nat}$. Hence we can derive

$\vdash \theta : (\mathbf{0} \to \mathbf{nat}) \cap (\mathbf{S}\,\mathbf{nat} \to \mathbf{nat}) \qquad (\mathbf{0} \to \mathbf{nat}) \cap (\mathbf{S}\,\mathbf{nat} \to \mathbf{nat}) \le (\mathbf{0} \cup \mathbf{S}\,\mathbf{nat}) \to \mathbf{nat}$
$\vdash \theta : (\mathbf{0} \cup \mathbf{S}\,\mathbf{nat}) \to \mathbf{nat}$

and thus $\theta$ has type $\mathbf{nat} \to \mathbf{nat}$.

The rule Cb⊥ is a kind of generalisation of this typing derivation: indeed, if $\theta = \{c_i \mapsto u_i \,/\, 1 \le i \le n\}$, with $\vdash u_i : \vec{U_i} \to T_i$, then for any $J \subseteq [1..n]$, the judgement $\vdash \theta : \bigcup_{i \in J} \mathbf{c_i}\vec{U_i} \to \bigcup_{i \in J} T_i$ is derivable. Taking $J = \emptyset$, this would be written $\vdash \theta : \forall\alpha.\alpha \to \forall X.X$, as $\forall\alpha.\alpha$ is the lower bound of data types, and $\forall X.X$ the lower bound of types. In particular, Cb⊥ enables typing the empty case binding. Notice that the only way to type a term $\{|\emptyset|\} \cdot t$ is that $t$ has type $\forall\alpha.\alpha$, and this means that $t$ is (or reduces to) the Daimon (we will see that this is a consequence of Proposition 1.1 and Remark 5.8).



3. Restricted lambda calculus with constructors

The type system described in the previous section is the one presented in [19]. It appears that the final result (Proposition 15) of that paper is wrong⁵. Here we present a simple counterexample, and we explain how we cope with the problem.

3.1. The problem of case-composition. Typed λc-calculus does not prevent match failure. Indeed, the CaseCase rule can create sub-terms whose typing is not checked in the "dead branches" of a case binding. For instance, if

$\phi = \{d \mapsto d'\}$ and $\theta = \{c \mapsto d;\ c' \mapsto c'\}$,

then $\vdash \phi : \mathbf{d} \to \mathbf{d'}$ and $\vdash \theta : \mathbf{c} \to \mathbf{d}$.

So we can derive $\vdash \{|\theta|\} \cdot c : \mathbf{d}$ and then $\vdash \{|\phi|\} \cdot \{|\theta|\} \cdot c : \mathbf{d'}$. This makes sense because we can obtain $\{|\phi|\} \cdot \{|\theta|\} \cdot c \to^{*} d'$ by applying twice the rule CaseCons. In $\theta$, $c' \mapsto c'$ is a dead branch and is forgotten by the typing (once we know that $c'$ itself is typable). However, we can also apply the rule CaseCase and get $\{|\phi \circ \theta|\} \cdot c$. Hence, the second branch of the case binding is $c' \mapsto \{|\phi|\} \cdot c'$, which raises a match failure and is hardly typable.

The point is that, while typing a case binding, a choice can implicitly be made concerning the branches that will be taken into consideration (if we had chosen type $\mathbf{c'} \to \mathbf{c'}$ for $\theta$, we would not have been able to type $\{|\phi|\} \cdot \{|\theta|\} \cdot c'$, that reduces to the same match-failing term $\{|\phi|\} \cdot c'$). But yet the CaseCase rule can create redexes in branches that have been dropped by the typing.

Actually, the situation is even worse. Rule CaseCase, together with the other rules, makes some typable terms non-terminating:

Let $\phi = \{d \mapsto \delta\}$ and $\theta = \{c \mapsto d;\ c' \mapsto d\delta\}$, where $\delta = \lambda x.xx$. Then we can derive

$\Gamma \vdash d : \mathbf{d} \qquad \Gamma \vdash d\delta : \mathbf{d}\Delta$
$\Gamma \vdash \theta : \mathbf{c} \to \mathbf{d} \qquad \Gamma \vdash x : \mathbf{c}$
$\Gamma \vdash \{|\theta|\} \cdot x : \mathbf{d} \qquad \Gamma \vdash \phi : \mathbf{d} \to \Delta$
$\Gamma \vdash \{|\phi|\} \cdot \{|\theta|\} \cdot x : \Delta$

with $\Gamma = x : \mathbf{c}$, and $\Delta = (\forall X.X \to X) \to (\forall X.X \to X)$. It appears that $\{|\phi|\} \cdot \{|\theta|\} \cdot x$ is in normal form without the CaseCase rule, but with it we can reduce

$\{|\phi|\} \cdot \{|\theta|\} \cdot x \;\to\; \{|\phi \circ \theta|\} \cdot x \;=\; \{|c \mapsto \{|\phi|\} \cdot d;\ c' \mapsto \{|\phi|\} \cdot d\delta|\} \cdot x \;\to^{*}\; \{|c \mapsto \delta;\ c' \mapsto \delta\delta|\} \cdot x$

Hence $\{|\phi|\} \cdot \{|\theta|\} \cdot x$ is not normalising since the sub-term $\delta\delta$ necessarily appears.

⁵ In [12] the proof fails at Lemma 10. There is a counterexample to the converse of equivalence (13), surprisingly due to the notion of modified substitution used there.
3.2. Restriction of the calculus. Remember that $\lambda_c^{-}$, i.e., the λc-calculus without the rule CaseCase, is confluent (cf. Part 1). We will see in Part 5 that typed $\lambda_c^{-}$-calculus enjoys the perfect normalisation property.

Actually, rule CaseCase was introduced in the lambda calculus with constructors in order to satisfy the separation property ([3], Theorem 2) — and the same holds for the rule LamApp, the usual eta-reduction. But it is unessential for computing in the lambda calculus with constructors (cf. the discussion in Section 5.3).

So from now on we remove the case composition from the calculus, and we consider the $\lambda_c^{-}$-calculus. In particular, we now use the notation $\to$ for $\to_{\lambda_c^{-}}$.

The set of terms is kept unchanged, so we use the same definition of defined term and of value as in λc-calculus. Note that Proposition 1.1 still holds in $\lambda_c^{-}$. The set of closed terms that are perfectly normalising for $\lambda_c^{-}$ rules is denoted by $PN_0$. By extension we say that a case binding $\theta$ is in $PN_0$ when it is composed of closed and perfectly normalising terms for $\lambda_c^{-}$.

In the following, we prove the perfect normalisation (i.e. strong normalisation without match failure) of typed $\lambda_c^{-}$-calculus.

4. Reducibility Candidates

Reducibility candidates [10] are sets of closed and perfectly normalising terms. They will later be used to interpret types. In this paper we complete their usual meaning with the notion of data candidates. In the following, we denote by $Red_n(t)$ the set of terms to which $t$ reduces in $n$ steps, by $Red_*(t)$ the union of all these sets for $n \in \mathbb{N}$, and by $Red_+(t)$ the union for $n \ge 1$.

Because of their "ill-behaviour" w.r.t. typing, commutation rules will be treated with special attention. Remember that we write $\to_c$ the union of CaseApp and CaseLam, and $\lambda_{com}$ denotes the calculus containing only these two rules. Conversely, the calculus consisting of all reduction rules of $\lambda_c^{-}$ except CaseApp and CaseLam is written $\lambda_s$ (and, as expected, $\to_s$ denotes the union of AppLam, AppDai, LamApp, LamDai, CaseCons and CaseDai).

In this section, we first give some properties of $\lambda_{com}$-normal forms. Next we give a definition of reducibility candidates and a method to construct them using a closure operator. Then we emphasise the connection between reducibility candidates and values. Finally we define some operations on reducibility candidates.

4.1. Case-commutation normal form. The reduction system $\lambda_{com}$ is strongly normalising. Indeed, reducing a term in $\lambda_{com}$ decreases its structural measure $s$, introduced in [3] as follows:

$s(x) = s(c) = s(\maltese) = 1$

$s(\lambda x.t) = s(t) + 1$

$s(tu) = s(t) + s(u)$

$s(\{|\theta|\} \cdot t) = s(t) \times (s(\theta) + 2)$

$s(\{c_i \mapsto u_i \,/\, 1 \le i \le n\}) = \sum_{i=1}^{n} s(u_i)$
In the following, we will often need to consider terms up to case-commutation rules. The normal form of a term $t$ for $\to_c$ is written $\downarrow t$. It is characterised by the following equations:

$\downarrow x = x \qquad\qquad \downarrow(\{|\theta|\} \cdot x) = \{|\downarrow\theta|\} \cdot x$

$\downarrow c = c \qquad\qquad \downarrow(\{|\theta|\} \cdot c) = \{|\downarrow\theta|\} \cdot c$

$\downarrow\lambda x.t = \lambda x.\downarrow t \qquad\qquad \downarrow(\{|\theta|\} \cdot \lambda x.t) = \lambda x.\downarrow(\{|\theta|\} \cdot t)$

$\downarrow(tu) = \downarrow t\,\downarrow u \qquad\qquad \downarrow(\{|\theta|\} \cdot (tu)) = \downarrow(\{|\theta|\} \cdot t)\,\downarrow u$

$\downarrow\{c_i \mapsto u_i \,/\, 1 \le i \le n\} = \{c_i \mapsto \downarrow u_i \,/\, 1 \le i \le n\} \qquad\qquad \downarrow(\{|\theta|\} \cdot \{|\phi|\} \cdot t) = \downarrow(\{|\theta|\} \cdot \downarrow(\{|\phi|\} \cdot t))$

and by $\downarrow(\{|\theta|\} \cdot \{|\phi|\} \cdot t) = \{|\downarrow\theta|\} \cdot \{|\phi|\} \cdot t$ if $\downarrow(\{|\phi|\} \cdot t) = \{|\phi|\} \cdot t$.
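As an added example (not the paper's own code), the Python below implements the syntax of Fig. 1, the rules of Fig. 2 without CaseCase (the eta rules LamApp and LamDai are left out), the structural measure $s$ and the normal form $\downarrow$ of this section, and replays the predecessor example of the introduction; every class and function name (Var, Cons, Case, case_nf, push_case, step, normalise) is this example's own, and the match-failure check reports a case applied to a constructor outside its domain.

```python
from dataclasses import dataclass
# Syntax of Fig. 1 as a small AST (constructed for this example; not the paper's code).
@dataclass(frozen=True)
class Var: name: str
@dataclass(frozen=True)
class Cons: name: str
@dataclass(frozen=True)
class Daimon: pass                      # the constant for immediate termination
@dataclass(frozen=True)
class Lam: var: str; body: object
@dataclass(frozen=True)
class App: fun: object; arg: object
@dataclass(frozen=True)
class Case:                             # {|theta|} . t, theta = tuple of (constructor, term) pairs
    binding: tuple
    scrutinee: object
_counter = [0]                          # for fresh variable names

def free_vars(t):
    if isinstance(t, Var): return frozenset({t.name})
    if isinstance(t, (Cons, Daimon)): return frozenset()
    if isinstance(t, Lam): return free_vars(t.body) - {t.var}
    if isinstance(t, App): return free_vars(t.fun) | free_vars(t.arg)
    return free_vars(t.scrutinee).union(*(free_vars(u) for _, u in t.binding))

def avoid(x, body, terms):
    # Rename the bound variable x when it occurs free in one of `terms` (capture avoidance).
    if all(x not in free_vars(s) for s in terms): return x, body
    _counter[0] += 1; y = f"{x}_{_counter[0]}"
    return y, subst(body, x, Var(y))

def subst(t, x, u):
    # t[x := u], defined component-wise on case bindings (Section 1.1).
    if isinstance(t, Var): return u if t.name == x else t
    if isinstance(t, (Cons, Daimon)) or (isinstance(t, Lam) and t.var == x): return t
    if isinstance(t, App): return App(subst(t.fun, x, u), subst(t.arg, x, u))
    if isinstance(t, Case):
        return Case(tuple((c, subst(v, x, u)) for c, v in t.binding), subst(t.scrutinee, x, u))
    y, body = avoid(t.var, t.body, [u])
    return Lam(y, subst(body, x, u))

def measure(t):
    # Structural measure s of Section 4.1; it strictly decreases under CaseApp and CaseLam.
    if isinstance(t, (Var, Cons, Daimon)): return 1
    if isinstance(t, Lam): return measure(t.body) + 1
    if isinstance(t, App): return measure(t.fun) + measure(t.arg)
    return measure(t.scrutinee) * (sum(measure(u) for _, u in t.binding) + 2)

def case_nf(t):
    # Normal form for the two case-commutation rules only (the paper's "down-arrow t").
    if isinstance(t, (Var, Cons, Daimon)): return t
    if isinstance(t, Lam): return Lam(t.var, case_nf(t.body))
    if isinstance(t, App): return App(case_nf(t.fun), case_nf(t.arg))
    return push_case(tuple((c, case_nf(u)) for c, u in t.binding), t.scrutinee)

def push_case(theta, t):
    # Normal form of {|theta|}.t for an already normal theta: commute the case inwards until it blocks.
    if isinstance(t, (Var, Cons, Daimon)): return Case(theta, t)  # no commutation rule applies
    if isinstance(t, Lam):                                        # CaseLam, x not free in theta
        x, body = avoid(t.var, t.body, [u for _, u in theta])
        return Lam(x, push_case(theta, body))
    if isinstance(t, App): return App(push_case(theta, t.fun), case_nf(t.arg))  # CaseApp
    inner = case_nf(t)  # {|theta|}.{|phi|}.t': no CaseCase rule, so normalise the inner case first
    return Case(theta, inner) if isinstance(inner, Case) else push_case(theta, inner)

def step(t):
    # One step of the restricted calculus (no CaseCase; eta rules LamApp/LamDai left out); None if normal.
    if isinstance(t, App):
        f, a = t.fun, t.arg
        if isinstance(f, Lam): return subst(f.body, f.var, a)         # AppLam
        if isinstance(f, Daimon): return Daimon()                     # AppDai
        r = step(f)
        if r is not None: return App(r, a)
        r = step(a)
        return None if r is None else App(f, r)
    if isinstance(t, Lam): r = step(t.body); return None if r is None else Lam(t.var, r)
    if isinstance(t, Case):
        th, s = t.binding, t.scrutinee
        if isinstance(s, Cons):                                       # CaseCons, or a match failure
            if s.name not in dict(th): raise ValueError(f"match failure: {s.name} not in dom(theta)")
            return dict(th)[s.name]
        if isinstance(s, Daimon): return Daimon()                     # CaseDai
        if isinstance(s, App): return App(Case(th, s.fun), s.arg)     # CaseApp
        if isinstance(s, Lam):                                        # CaseLam
            x, body = avoid(s.var, s.body, [u for _, u in th])
            return Lam(x, Case(th, body))
        r = step(s)
        if r is not None: return Case(th, r)
        for i, (c, u) in enumerate(th):
            r = step(u)
            if r is not None: return Case(th[:i] + ((c, r),) + th[i + 1:], s)
    return None

def normalise(t):
    # Iterate `step` to a normal form; a match failure surfaces as ValueError from `step`.
    while (r := step(t)) is not None:
        t = r
    return t

ZERO, S = Cons("0"), Cons("S")   # predecessor of the introduction: pred = \x.{|0 -> 0; S -> \z.z|} . x
PRED = Lam("x", Case((("0", ZERO), ("S", Lam("z", Var("z")))), Var("x")))
```

Running `normalise(App(PRED, App(S, ZERO)))` follows exactly the AppLam, CaseApp, CaseCons, AppLam chain shown for pred (S n) in the introduction.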

To deal with perfect normalisation, we can consider terms up to case commutation, since both well-definedness and strong normalisation are preserved by $\lambda_{com}$-reduction and expansion. That is what Corollary 4.3 expresses.

Lemma 4.1. If $\downarrow t$ is defined, so is $t$.

Lemma 4.2. $t \to_B t'$ implies $\downarrow t \to^{+} \downarrow t'$.

Proof. By induction on $t$.

• If $t = x$, $\maltese$ or $c$, then $t$ is not reducible.

• If $t = \lambda x.t_0$, then $t' = \lambda x.t_0'$ with $t_0 \to_B t_0'$, and we conclude by induction.

• If $t = t_1 t_2$, three different cases can occur:

— $t' = t_1 t_2'$ or $t_1' t_2$ with $t_i \to_B t_i'$. Hence we conclude by induction.

— $t_1 = \maltese$ and $t' = \maltese$. In that case $\downarrow t = \maltese\,(\downarrow t_2)$ reduces to $\maltese = \downarrow t'$.

— $t_1 = \lambda x.t_0$ and $t' = t_0[x := t_2]$. Then $\downarrow t = (\lambda x.\downarrow t_0)\,\downarrow t_2$, and it reduces to $(\downarrow t_0)[x := \downarrow t_2]$, that has case normal form (and therefore reduces in 0 or more steps to) $\downarrow(t_0[x := t_2])$.

• If $t = \{|\theta|\} \cdot t_0$, either $t' = \{|\theta'|\} \cdot t_0$ or $\{|\theta|\} \cdot t_0'$ with $\theta \to_B \theta'$ or $t_0 \to_B t_0'$, and we conclude by induction, or $t' = u$ with $t_0 = c$ and $c \mapsto u \in \theta$, or $t' = \maltese$ and $t_0 = \maltese$. In both last cases, $\downarrow t = \{|\downarrow\theta|\} \cdot t_0 \to \downarrow t'$. □

Corollary 4.3. If $\downarrow t \in PN_0$, then $t \in PN_0$.

Proof. First $u \in Red_*(t)$ implies $\downarrow u \in Red_*(\downarrow t)$ by Lemma 4.2. So Lemma 4.1 entails that all reducts of $t$ are defined as soon as all reducts of $\downarrow t$ are.

Now assume there is an infinite reduction $t = t_0 \to t_1 \to t_2 \ldots$ Since $\to_c$ is strongly normalising, this reduction chain contains an infinity of $\to_B$ reduction steps: $t = t_0 \to_c^{*} t_{i_1} \to_B t_{j_1} \to_c^{*} t_{i_2} \to_B t_{j_2} \ldots$ So $\downarrow t_{j_k} = \downarrow t_{i_{k+1}}$ and $\downarrow t_{i_k} \to^{+} \downarrow t_{j_k}$ by Lemma 4.2. Hence there is an infinite reduction $\downarrow t_{i_1} \to^{+} \downarrow t_{i_2} \to^{+} \downarrow t_{i_3} \to^{+} \ldots$ This is absurd if $\downarrow t$ is strongly normalising. So finally if $\downarrow t$ is perfectly normalising then $t$ also is. □



4.2. Definition of reducibility candidates. The definition of reducibility candidates is founded on the notion of values and neutral terms. Recall that the set $\mathcal{V}$ of values includes all data structures and λ-abstractions. We then call neutral the terms which are not values. The set of defined closed neutral terms is written $\mathcal{N}_d$. In particular, $\maltese$ is neutral.

Remark 4.4. Since $t \in \mathcal{V}$ implies $\downarrow t \in \mathcal{V}$, Lemma 4.1 leads to

$\downarrow t \in \mathcal{N}_d \;\Longrightarrow\; t \in \mathcal{N}_d$



SEMANTICS OF TYPED LAMBDA-CALCULUS WITH CONSTRUCTORS 






A set $S$ of closed terms is a reducibility candidate when it satisfies:

(CR1): Perfect normalisation: $S \subseteq PN_0$
(CR2): Stability by reduction: $t \in S \Longrightarrow Red_1(t) \subseteq S$
(CR3): Stability by neutral expansion: if $t \in \mathcal{N}_d$, then $Red_1(t) \subseteq S \Longrightarrow t \in S$
(CR4): Stability by case-commutation: if $t \to_c t'$ and $t' \in S$ then $t \in S$

We denote by $\mathcal{CR}$ the set of all reducibility candidates, and by (CR) the conjunction of all four conditions. The usual stability properties for reducibility candidates are (CR1), (CR2) and (CR3). Property (CR4) is specific to this type system, and will be necessary in order to prove the validity of the Cb rule.

Note that every reducibility candidate is non-empty (it contains $\maltese$ as a neutral term with no reduct). This will be important when interpreting arrow types. Moreover $PN_0$ is in $\mathcal{CR}$ (resulting from Corollary 4.3, $PN_0$ is stable by (CR4)).

In some of the proofs of this paper we need to use another definition of reducibility candidates, that is equivalent.

Lemma 4.5. Given $S \subseteq \Lambda_0$, we define two new stability properties:

(CR2'): $t \in S \Longrightarrow Red_*(t) \subseteq S$
(CR4'): $\downarrow t \in S \Longrightarrow t \in S$

Then a reducibility candidate can be characterised by (CR1), (CR2'), (CR3) and (CR4') since

$(CR2) \Longleftrightarrow (CR2')$   (4.1)
$(CR2) \wedge (CR4) \Longleftrightarrow (CR2') \wedge (CR4')$   (4.2)

Proof.

(4.1) (CR2') obviously implies (CR2). Conversely, if $S$ satisfies (CR2) and $t \in S$, then we can prove by induction on $n$ that $t \to^{n} u$ implies $u \in S$.

(4.2) Assume $S$ satisfies (CR4). If $t$ is a term such that $\downarrow t \in S$, we can see by induction on the reduction $t \to_c^{*} \downarrow t$ that $t \in S$. Conversely, if $S$ satisfies (CR2') and (CR4'), then for any $t' \in S$ and any $t \to_c t'$, we have $\downarrow t = \downarrow t'$, which is in $S$ by (CR2') (since $t' \to_c^{*} \downarrow t'$), thus $t \in S$ by (CR4'). □

4.3. Closure properties. A non-expansed candidate is a set of terms that satisfies (CR1) and (CR2). Sets that satisfy (CR4) in addition (or equivalently (CR4')) are called pre-candidates of reducibility. We write $\mathcal{PCR}$ for the family of pre-candidates. For instance $\{c\}$ is a pre-candidate for any constructor $c$. We will see that such a pre-candidate can be closed by (CR3) to obtain a reducibility candidate.

Definition 4.6. For $X \subseteq \Lambda_0$, we note $\overline{X}$ its closure by (CR3). It is defined inductively by

$\dfrac{t \in X}{t \in \overline{X}} \qquad\qquad \dfrac{t \in \mathcal{N}_d \qquad Red_1(t) \subseteq \overline{X}}{t \in \overline{X}}$

Lemma 4.7. If $P \in \mathcal{PCR}$, then $\overline{P}$ is the smallest reducibility candidate containing $P$.

Proof. $\overline{P}$ satisfies (CR3) by definition. Using the inductive definition, it is immediate to check (by induction) that it satisfies (CR1) and (CR2'). Now we prove by induction that it satisfies (CR4'). Let $t \in \Lambda_0$ such that $\downarrow t \in \overline{P}$.

• If $\downarrow t \in P$ then $t \in P$ since $P \in \mathcal{PCR}$ and thus satisfies (CR4').

• Else $\downarrow t \in \mathcal{N}_d$ and $Red_1(\downarrow t) \subseteq \overline{P}$. In that case, $t$ also is in $\mathcal{N}_d$ (Remark 4.4) and for all $u \in Red_1(t)$, $\downarrow u \in Red_*(\downarrow t)$ (by Lemma 4.2). Moreover, $Red_*(\downarrow t) \subseteq \overline{P}$ by (CR2'), thus $\downarrow u \in \overline{P}$. By induction hypothesis, it implies that $u \in \overline{P}$. Hence $Red_1(t) \subseteq \overline{P}$, so $t \in \overline{P}$ for being neutral.

Finally $\overline{P}$ is a reducibility candidate. Moreover, if $S$ in $\mathcal{CR}$ contains $P$, it also contains $\overline{P}$ by (CR3). □

In the previous lemma it would not be sufficient to assume that $P$ is a non-expansed candidate, to conclude $\overline{P} \in \mathcal{CR}$ (see example below). We later (in Lemma 4.15) characterise more precisely when a non-expansed candidate can be closed to obtain a reducibility candidate.

Example 4.8. Let $t = \lambda y.\{|c \mapsto c|\} \cdot y$ and $u = \{|c \mapsto c|\} \cdot \lambda y.y$. Then $u \to_c t$.

The set $S = \{\lambda x.t\}$ satisfies (CR1) and (CR2) but $\overline{S}$ does not satisfy (CR4) since $\lambda x.u \notin \overline{S}$. So $\overline{S}$ is not a reducibility candidate.

Stability under (CR3) also entails that every reducibility candidate is infinite: if $A$ is a reducibility candidate containing a term $t$, it also contains $\{|c \mapsto t|\} \cdot c$ as a neutral term all of whose reducts (by induction on the reduction of $t$) are in $A$. So we can construct an infinite increasing family of terms of $A$.

A data candidate is a reducibility candidate all of whose values are data structures. The sub-class of data candidates, written $\mathcal{DC}$, will be helpful to interpret data types.

Remark 4.9. Since the closure by (CR3) only adds neutral terms, if $P$ is a pre-candidate all of whose values are data structures, then $\overline{P} \in \mathcal{DC}$. In particular $\overline{\{c\}}$ is a data candidate for any constructor $c$.



4.4. Reducibility candidates and values. A reducibility candidate is stable under reduction and under expansion for neutral terms. As a consequence, it is entirely determined by its values. We call values of a term $t$ (or of a set of terms $S$), and we write $Val(t)$ (resp. $Val(S)$), the set of values to which $t$ (resp. a term of $S$) reduces:

$Val(t) = Red_*(t) \cap \mathcal{V}$

Note that, $\mathcal{V}$ being closed by reduction, $Val(S)$ is a non-expansed candidate for any set $S$ of perfectly normalising terms. However, it is not necessarily a pre-candidate. Indeed, even if $A \in \mathcal{CR}$ it does not ensure $Val(A) \in \mathcal{PCR}$.

Example 4.10. Consider the reducibility candidate $\overline{S}$, with

$S = \{\ \lambda x.\{|c \mapsto c|\} \cdot x\ ;\ \{|c \mapsto c|\} \cdot \lambda x.x\ \}$.

$Val(\overline{S})$ is not stable under (CR4) since it does not contain $\{|c \mapsto c|\} \cdot \lambda x.x$ whereas $\{|c \mapsto c|\} \cdot \lambda x.x \to_c \lambda x.\{|c \mapsto c|\} \cdot x$ and $\lambda x.\{|c \mapsto c|\} \cdot x \in Val(\overline{S})$.

Also it is generally not possible to use the closure operator on a set of values $Val(S)$ to construct a reducibility candidate. However, the values of a reducibility candidate are, to some extent, sufficient to define it (Corollary 4.12).

Lemma 4.11. If $t \in PN_0$ and $A \in \mathcal{CR}$, then $t \in A \Longleftrightarrow Val(t) \subseteq A$.
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Proof. The implication is obvious using {CR.2'). 

We prove the converse by induction on the reduction of t (that is weh-founded for strongly 
normalising terms). Assume Val{t) C A and prove that t €z A. If t is a value it is clear 
since t € Val{t). Otherwise t € Md, and for all u in Redi{t), u € ^ by induction hypothesis 
(since Val{u) C Val{t) C A). So t G ^ by (CR3). □ 

Corollary 4.12. Let A,B (£ CR. Then Val{A) = Val{B) iff ^ = ^. 

Proof. We show the implication, the converse is obviously true. Let A,BQ CR, such that 
Val{A) = ValiB). By LemmaEH 

teAijJ Val{t) C ^ □ 
iff Val{t) C Val{A) 
iff Vallt) C Val{B) 
iff Valit) C B 
iffteB 

This characterisation of a reducibility candidate by its values will be used in the next 
section to prove that our class CR is stable under union. For that, we also use a sufficient 
condition described in [20j: the principal reduct property. 

Lemma 4.13. Every t € Md has a reduct (in one step) u E Aq such that 

t ^* V A V e V =^ u^* V 
A term u that satisfies such a property is called a principal reduct oft. 

Proof. We define inductively, for every t € Md that can reduce on a value, a term p{t): 

p{{Xx.to)ti . . .tk) = to[x := ti] t2 . . .tk 
p{m-to)ti...tk) = p{p^-to)ti...tk 
P{P^ ■ c) = u \i ue6 

p{ie^-\x.t') = Xx.ie^-t' 

pm-m-t') = m-pm-t') 

The point is that when a neutral term reduces on a value, it is necessarily by a reduction step 
performed at the root of the term (a so-called head reduction). The term p{t) is obtained 
from t by reducing in head position. Every reduction chain leading from t to a value v 
begins eventually with reductions in sub-terms, and then the head-reduction is performed 
and gives a term n', that reduces on (or is) v. So to go from t to u' we can first reduce in 
head position and get p{t), and then perform the same reductions in the sub-terms to get 
u'. □ 
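The reductions in Examples 4.8 and 4.10, the candidate $\overline{\{I\}}$ of Example 4.17 below, and the head reduct $p(t)$ of Lemma 4.13 can all be checked mechanically on a small interpreter. The following Python program is an added example, not code from the paper: it implements the rules AppLam, AppDai, CaseCons, CaseApp, CaseLam and CaseDai on closed terms (no eta-like rules), deliberately omits case composition as the paper's restricted calculus does, adds to $p$ a CaseApp clause that the displayed definition does not list, and assumes that bound variable names are pairwise distinct so that substitution needs no renaming. All sample terms in `demo()` are constructed here.

```python
# Added example (not from the paper): a toy interpreter for closed terms of the
# lambda-calculus with constructors without case composition. It computes Red_1(t),
# Val(t) and the head reduct p(t) of Lemma 4.13 on constructed sample terms.
# Assumed rules: AppLam, AppDai, CaseCons, CaseApp, CaseLam, CaseDai (no eta-like rule);
# assumed convention: bound variable names are pairwise distinct, so no renaming.
from dataclasses import dataclass
from typing import Tuple, Union

@dataclass(frozen=True)
class Var: name: str                                     # variable x
@dataclass(frozen=True)
class Lam: var: str; body: "Term"                        # \x.body
@dataclass(frozen=True)
class App: fun: "Term"; arg: "Term"                      # application
@dataclass(frozen=True)
class Cons: name: str                                    # constructor c
@dataclass(frozen=True)
class Case: theta: Tuple[Tuple[str, "Term"], ...]; body: "Term"   # {|theta|}.body
@dataclass(frozen=True)
class Daimon: pass                                       # the Daimon (maltese cross)

Term = Union[Var, Lam, App, Cons, Case, Daimon]

def subst(t, x, u):
    """t[x := u]; capture-free under the naming convention above."""
    if isinstance(t, Var): return u if t.name == x else t
    if isinstance(t, Lam): return t if t.var == x else Lam(t.var, subst(t.body, x, u))
    if isinstance(t, App): return App(subst(t.fun, x, u), subst(t.arg, x, u))
    if isinstance(t, Case):
        return Case(tuple((c, subst(b, x, u)) for c, b in t.theta), subst(t.body, x, u))
    return t                                             # Cons, Daimon

def root_reducts(t):
    """Reducts obtained by one rule applied at the root of t."""
    if isinstance(t, App):
        if isinstance(t.fun, Lam): return [subst(t.fun.body, t.fun.var, t.arg)]   # AppLam
        if isinstance(t.fun, Daimon): return [Daimon()]                           # AppDai
    elif isinstance(t, Case):
        b = t.body
        if isinstance(b, Cons): return [u for c, u in t.theta if c == b.name]     # CaseCons (no branch: stuck)
        if isinstance(b, Daimon): return [Daimon()]                               # CaseDai
        if isinstance(b, App): return [App(Case(t.theta, b.fun), b.arg)]          # CaseApp
        if isinstance(b, Lam): return [Lam(b.var, Case(t.theta, b.body))]         # CaseLam
        # CaseCase deliberately absent: th.(ph.t') reduces only inside ph.t'
    return []

def reducts(t):
    """Red_1(t): all one-step reducts, at the root or inside any sub-term."""
    out = root_reducts(t)
    if isinstance(t, Lam):
        out += [Lam(t.var, b) for b in reducts(t.body)]
    elif isinstance(t, App):
        out += [App(f, t.arg) for f in reducts(t.fun)] + [App(t.fun, a) for a in reducts(t.arg)]
    elif isinstance(t, Case):
        out += [Case(t.theta, b) for b in reducts(t.body)]
        for i, (c, u) in enumerate(t.theta):             # reduction inside a branch of theta
            out += [Case(t.theta[:i] + ((c, u2),) + t.theta[i + 1:], t.body) for u2 in reducts(u)]
    return out

def is_value(t):
    """V: abstractions and data structures c t1 ... tk."""
    if isinstance(t, Lam): return True
    while isinstance(t, App): t = t.fun
    return isinstance(t, Cons)

def all_reducts(t):
    """Red_*(t); terminates on strongly normalising terms such as the samples below."""
    seen, todo = {t}, [t]
    while todo:
        for r in reducts(todo.pop()):
            if r not in seen: seen.add(r); todo.append(r)
    return seen

def values(t):
    """Val(t) = Red_*(t) intersected with V."""
    return {s for s in all_reducts(t) if is_value(s)}

def case_head(t):
    """p on {|theta|}.t0: the paper's clauses plus an assumed CaseApp clause."""
    b = t.body
    if isinstance(b, Cons): return next((u for c, u in t.theta if c == b.name), None)  # p(th.c) = u, else stuck
    if isinstance(b, Lam): return Lam(b.var, Case(t.theta, b.body))        # p(th.\x.t') = \x.th.t'
    if isinstance(b, Case):                              # p(th.(ph.t')) = th.p(ph.t')
        inner = case_head(b)
        return None if inner is None else Case(t.theta, inner)
    if isinstance(b, App): return App(Case(t.theta, b.fun), b.arg)         # assumed CaseApp clause
    return Daimon() if isinstance(b, Daimon) else None

def head_reduct(t):
    """p(t) of Lemma 4.13: one head reduction of the neutral term t = h t1 ... tk,
    or None when the head is stuck (Daimon, variable, match failure)."""
    h, args = t, []
    while isinstance(h, App): args.append(h.arg); h = h.fun
    args.reverse()
    if isinstance(h, Lam) and args:                      # p((\x.t0) t1 ... tk) = t0[x:=t1] t2 ... tk
        head, rest = subst(h.body, h.var, args[0]), args[1:]
    elif isinstance(h, Case):                            # p((th.t0) t1 ... tk) = p(th.t0) t1 ... tk
        head, rest = case_head(h), args
    else:
        return None
    if head is None: return None
    for a in rest: head = App(head, a)
    return head

def demo():
    """Constructed sample terms for Examples 4.8, 4.10, 4.17 and Lemma 4.13."""
    c, d = Cons("c"), Cons("d")
    ident = (("c", c),)                                  # theta = {c -> c}
    u = Case(ident, Lam("y", Var("y")))                  # {|c->c|}.\y.y  (neutral)
    t = Lam("y", Case(ident, Var("y")))                  # \y.{|c->c|}.y  (a value)
    i = Lam("x", Var("x"))
    s = Case((("c", d),), App(u, c))                     # neutral: {|c->d|}.(({|c->c|}.\y.y) c)
    return {
        "ex4_8": reducts(u) == [t],                      # u ->_C t in one step
        "ex4_10": (values(u) | values(t)) == {t} and not is_value(u),   # Val(S) misses u
        "ex4_17": values(App(i, i)) == {i},              # II -> I, and I is not in AA
        "principal_reduct": head_reduct(s),              # ({|c->d|}.({|c->c|}.\y.y)) c
        "same_values": values(s) == values(head_reduct(s)) == {d},      # Val(t) = Val(p(t))
        "match_failure": head_reduct(Case((("c", d),), Cons("e"))),     # None: stuck
    }
```

Running `demo()` confirms the three examples and, for the neutral term `s`, that reducing in head position first loses no value: `Val(s)` and `Val(p(s))` are both `{d}`, even though `s` also admits reductions inside its sub-terms. The `match_failure` entry shows the other reason `p` may be undefined: a case binding applied to a constructor it has no branch for is stuck, which is exactly the match failure the type system is meant to exclude.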

4.5. Candidates operators. Since we aim to interpret types by reducibility candidates, we need to define all type operations in $\mathcal{CR}$. The definition of arrow is standard [10]. Here we also define the set application: for $A, B \subseteq \Lambda_0$,

\[ A \to B = \{\ t \in \Lambda_0 \ /\ \forall u \in A,\ tu \in B\ \} \qquad\qquad AB = \{\ tu \ /\ t \in A,\ u \in B\ \} \]

It is standard that $\mathcal{CR}$ is stable under arrow (we prove it in Lemma 4.16) as soon as candidates are not empty (which is the case here, since they all contain $\maltese$). On the other hand, there is no reason for $\mathcal{CR}$ to be closed under application. Indeed, none of (CR1), (CR2), (CR3) and (CR4) is preserved by application. In Lemma 4.16 (4.6) we see a way to construct a reducibility candidate by applying a candidate to another one. The family $\mathcal{CR}$ is naturally closed by intersection. We use the same method as in [20, Corollary 4.12] to deduce its stability under union (4.4).

Lemma 4.14. For any family $(P_i \in \mathcal{PCR})_{i \in I}$, $\overline{\bigcup P_i} \subseteq \bigcup \overline{P_i}$.

Proof. By induction on $t \in \overline{\bigcup P_i}$, we show that $t \in \overline{P_j}$ for some $j \in I$.

• If $t \in \bigcup P_i$, then there is $j \in I$ such that $t \in P_j \subseteq \overline{P_j}$.

• If $t \in \mathcal{N}_0$ and $\mathrm{Red}_1(t) \subseteq \overline{\bigcup P_i}$, let $u$ be a principal reduct of $t$. Then $\mathrm{Val}(t) = \mathrm{Val}(u)$ (Lemma 4.13). Since $u \in \mathrm{Red}_1(t)$, $u \in \overline{P_j}$ for some $j$ by induction hypothesis. So $\mathrm{Val}(u) \subseteq \overline{P_j}$ by (CR2), and using Lemma 4.11 we get $t \in \overline{P_j}$. $\square$

Lemma 4.15. Let $S$ be a non-expansed candidate. Then $\overline{S}$ is a reducibility candidate if, for any $t, t' \in \Lambda_0$,

\[ t \to_C t' \ \wedge\ t' \in S \ \Longrightarrow\ t \in \overline{S}. \]

Proof. By definition $\overline{S}$ satisfies (CR3). The closure operator $\overline{\,\cdot\,}$ preserves (CR1) and (CR2), so these two properties also hold in $\overline{S}$. Now, we need to prove (CR4'). Let $\downarrow\!t \in \overline{S}$. By Corollary 4.3, $\downarrow\!t \in \mathrm{PN}_0$ implies $t \in \mathrm{PN}_0$. We prove by induction on its reduction that $t \in \overline{S}$. If $t = \downarrow\!t$ it is clear; else let $t'$ such that $t \to_C t' \to_C^* \downarrow\!t$. By induction hypothesis, $t' \in \overline{S}$.

• If $t' \in S$ then by hypothesis $t \in \overline{S}$.

• Otherwise $t' \in \mathcal{N}_0$ and $\mathrm{Red}_1(t') \subseteq \overline{S}$ (by definition of the closure operator). Hence $t$ also is in $\mathcal{N}_0$ (as in Remark 4.4). Moreover, for any $u \in \mathrm{Red}_1(t)$, $\downarrow\!t \to^* \downarrow\!u$ by Lemma C.2. So $\downarrow\!u \in \overline{S}$ by (CR2), and $u \in \overline{S}$ by induction hypothesis. Thus $\mathrm{Red}_1(t) \subseteq \overline{S}$ and $t \in \overline{S}$.

So $\overline{S}$ also satisfies (CR4'); it is then a reducibility candidate. $\square$

Lemma 4.16. Given $(A_i)$ and $(D_i)$ families (possibly infinite) of $\mathcal{CR}$ and $\mathcal{DC}$ respectively, $A \in \mathcal{CR}$, $D \in \mathcal{DC}$, and $S$ a non-empty non-expansed candidate:

\[ \begin{array}{ll}
\bigcap A_i \in \mathcal{CR} \ \text{ and } \ \bigcap D_i \in \mathcal{DC} & (4.3) \\
\bigcup A_i \in \mathcal{CR} \ \text{ and } \ \bigcup D_i \in \mathcal{DC} & (4.4) \\
S \to A \in \mathcal{CR} & (4.5) \\
\overline{DA} \in \mathcal{DC} & (4.6)
\end{array} \]

Proof.

(4.3) (CR1), (CR2), (CR3) and (CR4) are each preserved by intersection, so $\bigcap A_i$ and $\bigcap D_i$ are reducibility candidates. Since values of $\bigcap D_i$ are values of data-candidates,

(4.4) All candidates $A_i$ satisfy (CR3), thus $\overline{A_i} = A_i$ for any $i$. So Lemma 4.14 says that $\overline{\bigcup A_i} \subseteq \bigcup A_i$. The converse inclusion also holds by definition, so $\bigcup A_i = \overline{\bigcup A_i}$. Moreover, $\bigcup A_i$ is a pre-candidate since (CR1), (CR2) and (CR4) are preserved by union, thus $\overline{\bigcup A_i}$ is a reducibility candidate (by Lemma 4.7), and so is $\bigcup A_i$. In the same way, $\bigcup D_i$ is a reducibility candidate. By Remark 4.9, $\bigcup D_i \in \mathcal{DC}$.

(4.5) We prove that $S \to A$ satisfies all conditions of (CR):

CR1. Let $t \in S \to A$. There exists $u \in S$, and $tu \in A \subseteq \mathrm{PN}_0$. So $t \in \mathrm{PN}_0$.

CR2. Let $t \in S \to A$ and $t' \in \mathrm{Red}_1(t)$. For any $u \in S$, $tu \to t'u$. So $tu \in A$ implies $t'u \in A$ since $A$ is closed under reduction. Hence $t' \in S \to A$.

CR3. For any $t \in \mathcal{N}_0$ such that $\mathrm{Red}_1(t) \subseteq S \to A$, we prove that $u \in S$ implies $tu \in A$ by induction on the reduction of $u$. Since $t \in \mathcal{N}_0$, $tu$ is not a data structure, so $tu \in \mathcal{N}_0$. Furthermore $t$ is not an abstraction, so every reduct of $tu$ is either $\maltese$ (if $t = \maltese$), or $t'u$ with $t' \in \mathrm{Red}_1(t)$, or $tu'$ with $u \to u'$. In any case it belongs to $A$: $\maltese$ by (CR3), $t'u$ because $t' \in S \to A$, and $tu'$ by induction hypothesis. So $tu \in A$ by (CR3), thus $t \in S \to A$.

CR4. Let $t \to_C t'$ such that $t' \in S \to A$. For any $u \in S$, $tu \to_C t'u$ and $t'u \in A$. So $tu \in A$ by (CR4) in $A$.

Finally $S \to A$ is a reducibility candidate.

(4.6) First notice that $\overline{DA} = \overline{DA \cup \{\maltese\}}$ (since $\maltese$ is neutral with no reduct, it is in the closure of any set). We call $S$ the set $DA \cup \{\maltese\}$ and we will first prove that it is a non-expansed candidate. Then we will prove that $t' \in S$ and $t \to_C t'$ imply $t \in \overline{S}$. Then $\overline{S} \in \mathcal{CR}$ will result from Lemma 4.15.

— Let $t \in S$. If $t$ is the Daimon, it is perfectly normalising and it has no reduct. Otherwise, $t = t_1 t_2$ with $t_1 \in D$ and $t_2 \in A$. We show by induction on their reduction that $t \in \mathrm{PN}_0$ and $\mathrm{Red}_1(t) \subseteq S$. The term $t_1$ is not an abstraction since it is in a data candidate, so every reduct of $t$ is either $\maltese$ (if $t_1 = \maltese$) or a term of the form $t_1' t_2$ or $t_1 t_2'$ with $t_i \to t_i'$. All these reducts are in $S$, and they are perfectly normalising (possibly by induction hypothesis). So $\mathrm{Red}_1(t) \subseteq S$ and $t \in \mathrm{PN}_0$. Hence $S$ satisfies (CR1) and (CR2).

— Let $t \to_C t'$ such that $t' \in S$. Then $t' = t_1 t_2$ with $t_1 \in D$ and $t_2 \in A$. Either $t = t_1' t_2$ or $t_1 t_2'$ with $t_i' \to_C t_i$ (in that case $t \in S$ since $D$ and $A$ are closed by expansion for $\to_C$), or $t = \{|\theta|\}\cdot(t_0 t_2)$ and $t_1 = \{|\theta|\}\cdot t_0$. In the last case, $t \in \mathcal{N}_0$: both $\{|\theta|\}\cdot t_0$ and $t_2$ are defined (they are in reducibility candidates), so $\{|\theta|\}\cdot(t_0 t_2)$ also is defined, and it is not a value. We show that all its reducts are in $\overline{S}$. Note that $t_0$ is not an abstraction (if $t_0 = \lambda x.t_0'$ then $t_1 \to \lambda x.\{|\theta|\}\cdot t_0' \notin D$), so a reduct $u$ of $t$ may have three different forms:

• $u = t'$. Hence $u \in S \subseteq \overline{S}$.

• $u = \{|\theta|\}\cdot\maltese$ (if $t_0 = \maltese$). In that case $u \in \mathcal{N}_0$ and all its reducts in any number of steps until $\maltese$ are in $\mathcal{N}_0$, so $u$ is in $\overline{S}$.

• $u = \{|\theta'|\}\cdot(t_0' t_2')$ with $\theta \to \theta'$ and $t_i = t_i'$, or $\theta = \theta'$ and $t_i \to t_i'$. In that case, $u \to u' = (\{|\theta'|\}\cdot t_0')\,t_2'$, and $t' \to u'$, so $u' \in S$ by (CR2). Thus $u \in \overline{S}$ by induction hypothesis.

Hence any reduct of $t$ is in $\overline{S}$, and thus $t \in \overline{S}$ by (CR3).

By Lemma 4.15, $\overline{DA} = \overline{S} \in \mathcal{CR}$. What is more, all values of $\overline{DA}$ are in $DA$, thus they are applications, so they are data structures. Finally, $\overline{DA} \in \mathcal{DC}$. $\square$

In (4.6) we consider the closure of set application for a data candidate and a candidate. In general, the closure of the application of two reducibility candidates would not form a reducibility candidate, as shown in the following example. This is intuitively due to the same reason why we do not consider general type application, but restrict it to data types: good properties (among which the perfect normalisation property) are ensured to be preserved by applying a term $u$ to $t$ if $t$ is not (and does not reduce on) an abstraction.

Example 4.17. Consider the reducibility candidate $A = \overline{\{I\}}$, where $I = \lambda x.x$.

Then $II \in AA$, but $II \to I$ and $I \notin \overline{AA}$. Thus $\overline{AA}$ is not closed under (CR2) and thereby is not a reducibility candidate.

5. Reducibility model

In this section we associate to every type $T$ a reducibility candidate that contains all the terms which are typable by $T$. Seeing typed terms as terms of a reducibility candidate or a data candidate will then enable a finer analysis of their properties.

5.1. Modelling types. To achieve the definition of type interpretation, we need to give the interpretation for type variables. For that, we use valuations, i.e. functions mapping every data-type variable to a data candidate, and every type variable to a reducibility candidate.

Given a valuation $\rho$, the interpretation of a type $T$ in $\rho$, written $[T]_\rho$, is defined inductively in Fig. 6. We also associate to $T$ (seen as a type for case bindings) and $\rho$ the set of case bindings $[\![T]\!]_\rho$. Lemma 4.16 ensures that for every valuation $\rho$, $[T]_\rho \in \mathcal{CR}$ for any type $T$, and $[D]_\rho \in \mathcal{DC}$ for any data type $D$.



Type interpretation by reducibility candidates:

\[ \begin{array}{rcl@{\qquad\qquad}rcl}
{[\alpha]_\rho} & = & \rho(\alpha) & {[T \cap U]_\rho} & = & [T]_\rho \cap [U]_\rho \\
{[X]_\rho} & = & \rho(X) & {[T \cup U]_\rho} & = & [T]_\rho \cup [U]_\rho \\
{[c]_\rho} & = & \overline{\{c\}} & {[\exists\alpha.U]_\rho} & = & \bigcup_{A \in \mathcal{DC}} [U]_{\rho,\alpha \mapsto A} \\
{[DT]_\rho} & = & \overline{[D]_\rho\,[T]_\rho} & {[\exists X.U]_\rho} & = & \bigcup_{A \in \mathcal{CR}} [U]_{\rho,X \mapsto A} \\
{[T \to U]_\rho} & = & [T]_\rho \to [U]_\rho \\
{[\forall\alpha.U]_\rho} & = & \bigcap_{A \in \mathcal{DC}} [U]_{\rho,\alpha \mapsto A} \\
{[\forall X.U]_\rho} & = & \bigcap_{A \in \mathcal{CR}} [U]_{\rho,X \mapsto A}
\end{array} \]

Interpretation of types for case bindings:

\[ [\![T]\!]_\rho = \{\ \theta \ /\ \lambda x.\{|\theta|\}\cdot x \in [T]_\rho\ \} \]

Figure 6: Interpretation of types

Note that we need to use the closure operator to interpret data types. Indeed, for $D \in \mathcal{DC}$ and $T \in \mathcal{CR}$, the set $DT$ does not satisfy (CR3): if $t \in D$ and $u \in T$, with both terms in normal form, then the only reduct (assuming $t \neq \maltese$) of the term $\{|c \mapsto tu|\}\cdot c$ is $tu \in DT$, but $\{|c \mapsto tu|\}\cdot c$ itself is not an application, and thus is not in $DT$. However, this interpretation of types gives a very precise notion of data types, considering their values.

Proposition 5.1. If $t$ is a value of $[c\,T_1 \ldots T_k]_\rho$ then $t = c\,t_1 \ldots t_k$ with $t_i \in [T_i]_\rho$.

In particular, Proposition 1.1 ensures that $t \in [c\,T_1 \ldots T_k]_\rho$ implies $t \to^* c\,t_1 \ldots t_k$ for some $t_i \in [T_i]_\rho$ ($i \leq k$), or $t \to^* \maltese$.

Proof. We proceed by induction on $k$.

If $k = 0$, it is straightforward from the definition of $[c]_\rho$. Else $[c\,T_1 \ldots T_k]_\rho = \overline{[c\,T_1 \ldots T_{k-1}]_\rho\,[T_k]_\rho}$, so

\[ \mathrm{Val}([c\,T_1 \ldots T_k]_\rho) = \mathrm{Val}([c\,T_1 \ldots T_{k-1}]_\rho\,[T_k]_\rho). \]

So, if $t$ is a value of $[c\,T_1 \ldots T_k]_\rho$ it is of the form $uu'$ with $u \in [c\,T_1 \ldots T_{k-1}]_\rho$ and $u' \in [T_k]_\rho$. Moreover, if $uu'$ is a value, it is necessarily a data structure, and $u$ also is a data structure. Hence $u$ is a value of $[c\,T_1 \ldots T_{k-1}]_\rho$. By induction hypothesis $u = c\,t_1 \ldots t_{k-1}$ with $t_i \in [T_i]_\rho$, and we conclude with $t_k = u' \in [T_k]_\rho$. $\square$

Corollary 5.2. For any constructor $c$ and any types $T_1, \ldots, T_k$,

\[ [c\,T_1 \ldots T_k]_\rho = \overline{c\,[T_1]_\rho \ldots [T_k]_\rho} \]

Proof. By Proposition 5.1, $\mathrm{Val}([c\,T_1 \ldots T_k]_\rho) = c\,[T_1]_\rho \ldots [T_k]_\rho$.

Since $\mathrm{Val}(\overline{c\,[T_1]_\rho \ldots [T_k]_\rho})$ also is $c\,[T_1]_\rho \ldots [T_k]_\rho$, Corollary 4.12 entails the equality. $\square$

The following lemma expresses that type interpretation is sound w.r.t. sub-typing.

Lemma 5.3. If $T_1 \leq T_2$ then for any valuation $\rho$, $[T_1]_\rho \subseteq [T_2]_\rho$.

Proof. By induction on the derivation of $T_1 \leq T_2$. Rules Refl and Trans are straightforward from the definition. So are the union and intersection rules. Introduction and elimination rules for the quantifiers $\forall$ and $\exists$ use the equality $[T]_{\rho, X \mapsto [U]_\rho} = [T[X := U]]_\rho$.

Arrow is standard, and Constr comes from Proposition 5.1: $[c_1 \vec{T}]_\rho \cap [c_2 \vec{U}]_\rho$ has no value if $c_1 \neq c_2$ and thus is smaller than any candidate.

We detail rules App and Data; the other rules are easy to check (we actually introduced them in the calculus because they were valid in the model).

\[ \text{App:}\qquad \frac{D \leq D' \qquad T \leq T'}{DT \leq D'T'} \]

Remark that $D \subseteq D'$ and $T \subseteq T'$ implies $DT \subseteq D'T'$, and notice that the closure operator is monotone on sets of terms.

\[ \text{Data:}\qquad D \leq T \to DT \]

Let $\rho$ be a valuation and $t \in [D]_\rho$. Now choose $u \in [T]_\rho$. Then $tu \in [D]_\rho [T]_\rho$, and this set is included in $\overline{[D]_\rho [T]_\rho} = [DT]_\rho$. Hence $tu \in [DT]_\rho$ for all $u$ in $[T]_\rho$, so $t \in [T \to DT]_\rho$. $\square$

5.2. Adequacy lemma. In this part we prove adequacy for the model: if a $\lambda_C$-term has type $T$, then it belongs to the interpretation of $T$ (and thus is perfectly normalising).

The reducibility candidates model deals with closed terms, whereas proving the adequacy lemma by induction requires the use of open terms, with some assumptions on their free variables that will be guaranteed by a context. Therefore we use substitutions $\sigma, \tau$ to close terms and case bindings:

\[ \sigma ::= \emptyset \ \mid\ x \mapsto u;\sigma \qquad\qquad M_\emptyset = M;\qquad M_{x \mapsto u;\sigma} = (M[x := u])_\sigma \]

We complete the interpretation of types with the one of judgements: given a context $\Gamma$, we say that a substitution $\sigma$ satisfies $\Gamma$ for the valuation $\rho$ (notation $\sigma \in [\Gamma]_\rho$) when $(x : T) \in \Gamma$ implies $\sigma(x) \in [T]_\rho$. A typing judgement $\Gamma \vdash t : T$ (or $\Gamma \vdash \theta : T$) is said to be valid (notation: $\Gamma \models t : T$ or $\Gamma \models \theta : T$ respectively) if for every valuation $\rho$ and every substitution $\sigma \in [\Gamma]_\rho$,

\[ t_\sigma \in [T]_\rho \qquad (\text{resp. } \theta_\sigma \in [\![T]\!]_\rho) \]

The proof of adequacy requires a kind of inversion lemma for $\mathcal{CR}$. Recall that $\mathrm{Red}_*(t)$ denotes the set of all reducts (in any number of steps) of a term $t$.

Lemma 5.4. For any $A \in \mathcal{CR}$, any terms $t, u, \lambda x.t_0$, and every non-empty non-expansed candidate $S$,

\[ \begin{array}{ll}
tu \in A \ \iff\ t \in \mathrm{Red}_*(u) \to A & (5.1) \\
\lambda x.t_0 \in S \to A \ \iff\ \text{for all } s \in S,\ t_0[x := s] \in A & (5.2)
\end{array} \]

Proof.

(5.1) If $tu \in A$ then for any $u' \in \mathrm{Red}_*(u)$, $tu \to^* tu'$, hence $tu' \in A$ by (CR2'). So $t \in \mathrm{Red}_*(u) \to A$. Conversely, if $t \in \mathrm{Red}_*(u) \to A$ then $tu \in A$ since $u \in \mathrm{Red}_*(u)$.

(5.2) If $\lambda x.t_0 \in S \to A$, then for any $s \in S$, $(\lambda x.t_0)s \in A$, so $(\lambda x.t_0)s \to t_0[x := s]$ implies $t_0[x := s] \in A$ by (CR2). Now, if $t_0[x := s] \in A$ for some $s \in S$, then $t_0 \in \mathrm{PN}_0$ by Lemma 1.2. Moreover, for any $s' \in S$, we can easily check by induction on the reduction of $t_0$ and $s'$ that $(\lambda x.t_0)s' \in A$; indeed, it is in $\mathcal{N}_0$, and all its reducts are in $A$. $\square$

Remark 5.5. If $u \in \mathrm{PN}_0$, then $\mathrm{Red}_*(u)$ is a non-expansed candidate, and so $\mathrm{Red}_*(u) \to A \in \mathcal{CR}$ by (4.5). Also, if $u_i \in \mathrm{PN}_0$ for $1 \leq i \leq k$, then

\[ t\,u_1 \ldots u_k \in A \ \iff\ t \in \mathrm{Red}_*(u_1) \to \cdots \to \mathrm{Red}_*(u_k) \to A \]

directly results from (5.1) and an induction on $k$.

Lemma 5.6. Let $A_1, \ldots, A_k, B \in \mathcal{CR}$ and $\theta \in \mathrm{PN}_0$. Assume $c \mapsto u \in \theta$, with $u \in \vec{A} \to B$ (where $\vec{A} = A_1; \ldots; A_k$). Then

\[ t \in \overline{c\,A_1 \ldots A_k} \ \Longrightarrow\ \{|\theta|\}\cdot t \in B \]

Proof. We prove that for all $\theta \in \mathrm{PN}_0$ with $c \mapsto u \in \theta$ and $u \in \vec{A} \to B$, and for all $t \in \overline{c\,A_1 \ldots A_k}$, the term $\{|\theta|\}\cdot t$ is in $B$.

If $t$ is a value then $t = c\,t_1 \ldots t_k$ with $t_i \in A_i$, so

\[ \begin{array}{lll}
\{|\theta|\}\cdot t \in B & \text{iff } (\{|\theta|\}\cdot c)\,t_1 \ldots t_k \in B & \text{(CR2'), (CR4')} \\
& \text{iff } \{|\theta|\}\cdot c \in \mathrm{Red}_*(t_1) \to \cdots \to \mathrm{Red}_*(t_k) \to B & \text{(Remark 5.5)}
\end{array} \]

But $\mathrm{Red}_*(t_i) \subseteq A_i$, so $A_1 \to \cdots \to A_k \to B \subseteq \mathrm{Red}_*(t_1) \to \cdots \to \mathrm{Red}_*(t_k) \to B$. Moreover, an immediate induction on the reduction of $\theta$ ensures that $\{|\theta|\}\cdot c$ is in $\vec{A} \to B$: this term is in $\mathcal{N}_0$ and its reducts are either $\{|\theta'|\}\cdot c$ with $\theta \to \theta'$ (which is in $\vec{A} \to B$ by induction hypothesis), or $u$ (which is in $\vec{A} \to B$ by hypothesis). So $\{|\theta|\}\cdot c$ is in $\vec{A} \to B$ by (CR3), thus it belongs to $\mathrm{Red}_*(t_1) \to \cdots \to \mathrm{Red}_*(t_k) \to B$, and so $\{|\theta|\}\cdot t \in B$.

Now assume $t$ is neutral. It has the form $h\,t_1 \ldots t_n$ with $h = \maltese$ or $\{|\varphi|\}\cdot h_0$ and $n \geq 0$, or $h = \lambda x.h_0$ and $n \geq 1$. We prove that $\{|\theta|\}\cdot t$ is in $B$ by induction on the reductions of $\theta$ and $h$.

• First consider the cases $h = \maltese$ or $\{|\varphi|\}\cdot h_0$, and $n \geq 0$:

\[ \begin{array}{lll}
\{|\theta|\}\cdot t \in B & \text{iff } (\{|\theta|\}\cdot h)\,t_1 \ldots t_n \in B & \text{(CR2'), (CR4')} \\
& \text{iff } \{|\theta|\}\cdot h \in \mathrm{Red}_*(t_1) \to \cdots \to \mathrm{Red}_*(t_n) \to B & (5.1)
\end{array} \]

Note that $\{|\theta|\}\cdot h \in \mathcal{N}_0$ and $\mathrm{Red}_*(t_1) \to \cdots \to \mathrm{Red}_*(t_n) \to B$ is a reducibility candidate by (4.5). So it is sufficient to show that it contains all reducts of $\{|\theta|\}\cdot h$. They are either $\maltese$, or $\{|\theta'|\}\cdot h'$ with $\theta \to \theta'$ and $h = h'$, or $h \to h'$ and $\theta = \theta'$. The Daimon is in every reducibility candidate, and $\{|\theta'|\}\cdot h' \in \mathrm{Red}_*(t_1) \to \cdots \to \mathrm{Red}_*(t_n) \to B$ by induction hypothesis. So $\{|\theta|\}\cdot h \in \mathrm{Red}_*(t_1) \to \cdots \to \mathrm{Red}_*(t_n) \to B$ by (CR3), and $\{|\theta|\}\cdot t \in B$.

• Now consider the case $h = \lambda x.h_0$ (with $x \notin \mathrm{FV}(\theta)$), and $n \geq 1$.

\[ \begin{array}{lll}
\{|\theta|\}\cdot t \in B & \text{iff } (\lambda x.\{|\theta|\}\cdot h_0)\,t_1 \ldots t_n \in B & \text{(CR2'), (CR4')} \\
& \text{iff } \lambda x.\{|\theta|\}\cdot h_0 \in \mathrm{Red}_*(t_1) \to \cdots \to \mathrm{Red}_*(t_n) \to B & (5.1) \\
& \text{iff for all } s \in \mathrm{Red}_*(t_1),\ \{|\theta|\}\cdot h_0[x := s] \in \mathrm{Red}_*(t_2) \to \cdots \to \mathrm{Red}_*(t_n) \to B & (5.2)
\end{array} \]

For any $s \in \mathrm{Red}_*(t_1)$, $t \to^* (\lambda x.h_0)\,s\,t_2 \ldots t_n \to h_0[x := s]\,t_2 \ldots t_n$, so that $\{|\theta|\}\cdot(h_0[x := s]\,t_2 \ldots t_n) \in B$ by induction hypothesis.

Hence $(\{|\theta|\}\cdot h_0[x := s])\,t_2 \ldots t_n \in B$ by (CR2'), and thus by (5.1), $\{|\theta|\}\cdot h_0[x := s]$ belongs to $\mathrm{Red}_*(t_2) \to \cdots \to \mathrm{Red}_*(t_n) \to B$. So $\{|\theta|\}\cdot t \in B$.

Finally, $\{|\theta|\}\cdot t$ always belongs to $B$. $\square$

Proposition 5.7. Given a term $t$, a case binding $\theta$, a context $\Gamma$ and a type $T$,

\[ \begin{array}{ll}
\Gamma \vdash t : T \ \Longrightarrow\ \Gamma \models t : T & (5.3) \\
\Gamma \vdash \theta : T \ \Longrightarrow\ \Gamma \models \theta : T & (5.4)
\end{array} \]

Proof. The proof is made by induction on the derivation of $\Gamma \vdash t : T$ or $\Gamma \vdash \theta : T$. If the judgement is introduced by the rule Init, False (remember that $\maltese$ is in every reducibility candidate) or Constr it is obvious. If it comes from $\to$elim it is a direct consequence of the definition of arrow in $\mathcal{CR}$, and the case $\to$intro is a consequence of (5.2). If it comes from Inter, Union or Univ it is straightforward from the induction hypothesis. If it comes from Subs, it is a consequence of Lemma 5.3. We detail the proof in case the derivation comes from rule CB or Exist (Inter is similar to this last one).

\[ \text{Cb:}\qquad \frac{(\Gamma \vdash u_i : \vec{U}_i \to T_i)_{1 \leq i \leq n}}{\Gamma \vdash \theta : c_i \vec{U}_i \to T_i} \qquad \text{with } \theta = \{\ c_i \mapsto u_i \ /\ 1 \leq i \leq n\ \} \]

Remember that the interpretation of a type $T$, seen as a type for case bindings, is $[\![T]\!] = \{\theta \ /\ \lambda x.\{|\theta|\}\cdot x \in [T]\}$. Write $(U_{i1} \ldots U_{ik}) = \vec{U}_i$, choose a valuation $\rho$ and $\sigma \in [\Gamma]_\rho$, and show that $\lambda x.\{|\theta_\sigma|\}\cdot x \in [c_i \vec{U}_i \to T_i]_\rho$. Let $t \in [c_i \vec{U}_i]_\rho$. By induction on the reduction of $\theta_\sigma$ and $t$, we show that $(\lambda x.\{|\theta_\sigma|\}\cdot x)\,t \in [T_i]_\rho$. This is a neutral term, so it is sufficient to show that all its reducts are in $[T_i]_\rho$. Thanks to the induction hypothesis we just have to consider the reduct $\{|\theta_\sigma|\}\cdot t$.

By Corollary 5.2, $t \in \overline{c_i\,[U_{i1}]_\rho \ldots [U_{ik}]_\rho}$, and $u_{i\sigma} \in [U_{i1}]_\rho \to \cdots \to [U_{ik}]_\rho \to [T_i]_\rho$ by induction hypothesis. All terms in $\theta_\sigma$ are perfectly normalising, so we can use Lemma 5.6 to get $\{|\theta_\sigma|\}\cdot t \in [T_i]_\rho$.

\[ \text{Exist:}\qquad \frac{\Gamma, x : T \vdash t : U}{\Gamma, x : \exists v.T \vdash t : U} \qquad (v \notin \mathrm{TV}(\Gamma, U)) \]

Choose a valuation $\rho$, and a substitution $\sigma \in [\Gamma, x : \exists v.T]_\rho$.

Then $\sigma(x) \in \bigcup_{A \in \mathcal{CR}} [T]_{\rho, v \mapsto A}$. Let $A \in \mathcal{CR}$ be such that $\sigma(x) \in [T]_{\rho, v \mapsto A}$; then $\sigma \in [\Gamma, x : T]_{\rho, v \mapsto A}$. By induction hypothesis, $(\Gamma, x : T) \models t : U$, so $t_\sigma \in [U]_{\rho, v \mapsto A}$. Since $v \notin \mathrm{TV}(U)$, this means that $t_\sigma \in [U]_\rho$. $\square$
Remark 5.8. For a closed term $t$ and a closed type $T$ we immediately get

\[ [T] \in \mathcal{CR} \qquad \text{and} \qquad \vdash t : T \ \Longrightarrow\ t \in [T] \qquad (5.5) \]

5.3. Results from the model. Remembering that reducibility candidates are included in $\mathrm{PN}_0$, an immediate consequence of Remark 5.8 is the perfect normalisation of the typed $\lambda_C^-$-calculus.

Theorem 5.9. Every well-typed term is perfectly normalising for $\lambda_C^-$.

Furthermore, every closed and defined normal form is a value or the Daimon (Proposition 1.1). Since the Daimon is never created by a reduction step, typing a term ensures that it reduces strongly, and without case composition, on a value. We can even be more precise when using data types: if a term (written without $\maltese$) has type $c\,T_1 \ldots T_k$, then it reduces on a data structure $c\,t_1 \ldots t_k$ (Proposition 5.1).

Now we call pure value a data structure all of whose sub-terms are data structures (such as $\mathit{cons}\,(\mathit{cons}\,(S(S\,0))\,\mathit{nil})$ for instance) and pure data type a data type all of whose sub-terms are data types.

A pure value is trivially typable by a pure data type (just replace every constructor $c$ in the term by the corresponding type constructor $c$ to obtain the type, and use Constr and Data to derive the typing judgement). Conversely, every closed defined normal term without $\maltese$ in a pure data type is a pure value (by induction on the structure of the term, using Proposition 5.1).
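As an added worked example (not from the paper) of the typing recipe just described, here is the derivation for the pure value $\mathit{cons}\,(S\,0)\,\mathit{nil}$, typed by the pure data type obtained by reading its constructors as type constructors. The derivation assumes that rule Constr gives $\vdash c : c$ for every constructor $c$, and it uses the sub-typing axiom Data ($D \leq T \to DT$) through rule Subs before each $\to$elim:

\[ \begin{array}{ll}
\vdash 0 : 0 & \text{(Constr)} \\
\vdash S : S, \quad S \leq 0 \to S\,0, \quad \vdash S : 0 \to S\,0 & \text{(Constr, Data, Subs)} \\
\vdash S\,0 : S\,0 & (\to\text{elim}) \\
\vdash \mathit{cons} : \mathit{cons}, \quad \mathit{cons} \leq S\,0 \to \mathit{cons}\,(S\,0), \quad \vdash \mathit{cons} : S\,0 \to \mathit{cons}\,(S\,0) & \text{(Constr, Data, Subs)} \\
\vdash \mathit{cons}\,(S\,0) : \mathit{cons}\,(S\,0) & (\to\text{elim}) \\
\mathit{cons}\,(S\,0) \leq \mathit{nil} \to \mathit{cons}\,(S\,0)\,\mathit{nil}, \quad \vdash \mathit{cons}\,(S\,0) : \mathit{nil} \to \mathit{cons}\,(S\,0)\,\mathit{nil} & \text{(Data, Subs)} \\
\vdash \mathit{nil} : \mathit{nil} & \text{(Constr)} \\
\vdash \mathit{cons}\,(S\,0)\,\mathit{nil} : \mathit{cons}\,(S\,0)\,\mathit{nil} & (\to\text{elim})
\end{array} \]

Each use of Data is legitimate because its left-hand side ($S$, $\mathit{cons}$, $\mathit{cons}\,(S\,0)$) is a data type. By (5.5) and Corollary 5.2 the term then lies in $[\mathit{cons}\,(S\,0)\,\mathit{nil}] = \overline{\mathit{cons}\,[S\,0]\,[\mathit{nil}]}$, whose values are data structures $\mathit{cons}\,v_1\,v_2$ with $v_1 \in [S\,0]$ and $v_2 \in [\mathit{nil}]$ (Proposition 5.1), which is the shape of a pure value of this type.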

Hence, if $t$ is a term written without the Daimon, and $D$ is a pure data type,

\[ \vdash t : D \ \Longrightarrow\ t \text{ reduces strongly in } \lambda_C^- \text{ on a pure value of } D \]

(where a pure value of $c\,D_1 \ldots D_k$ has the form $c\,v_1 \ldots v_k$ with $v_i$ a pure value of $D_i$).

In that sense, we can say that case composition is unessential in this calculus: it is not necessary to reach pure values.

Conclusion 

Typed lambda calculus with constructors provides a powerful polymorphic type system, 
with a notion of data types and type application. The difficulty of typing the commutation 
rule between case and application is overcome with a sub-typing system. In this paper 
we have shown that this type system ensures strong normalisation without match failure 
if we remove the composition of case analysers from the calculus. We can safely do so, 
since the case composition rule is not computationally necessary. However, we thus lose the 
separation property for the lambda calculus with constructors. 

Related works. The first presentation of the pattern calculus [13] comes with an ML-style type system. This type system is less expressive than ours and does not prevent match failure during reduction, but it is decidable.

A more elaborate calculus, the extension calculus, was recently developed in [14]. It is typed with an extension of System F à la Church, which provides type application and also a pattern matching mechanism on types. A proof of strong normalisation, using the method based on reducibility candidates, is done for a restriction of this system. Although no type inference algorithm exists for this calculus, it has been implemented in bondi [7].

Several Church-style type systems have been proposed for the $\rho$-calculus, including a family of type systems organised in a cube similar to Barendregt's. As far as we know, no Curry-style type system has been proposed for the $\rho$-calculus.

Future works. This paper has raised many questions, mainly concerning a possible implementation of the lambda calculus with constructors. The first one is about recursively defined data types, such as

\[ \mathit{nat} = 0 \cup \mathit{succ}(\mathit{nat}) \ ;\qquad \mathit{list}\ T = \mathit{nil} \cup \mathit{cons}\ T\ (\mathit{list}\ T) \]

Adding a double sub-typing judgement for each data type is a way to do it, but it requires checking the correctness of each rule. A fixpoint operator would probably be a better way, since it would allow adding recursive data types "on the fly".

Still with a view to implementing the $\lambda_C$-calculus, we need to isolate a decidable fragment of our type system. This is a real challenge when it comes to typing case bindings (recall the example of Section 2.3, page 17) and to using union types.

Last, it could be interesting to develop a denotational semantics for the lambda calculus with constructors. Since the literature about denotational semantics for the pure lambda calculus (based on domain theory for instance) is abundant, we could try to adapt it to our calculus. One idea for doing that is to first translate the $\lambda_C$-calculus into the pure $\lambda$-calculus (in the spirit of CPS translations).